Right management |
In the array "right management" settings concerning privileges and permissions can be managed.
Users can ask for missing rights If this setting is active users can ask for missing rights. See Manage permissions and rights.
Only a member of the administrator group can manage them Activate this option if only members of the administrator group are allowed to manage them. Through this users, which own access to the "user and group management", can only manage administrators if they are a member of the administrator group.
Allow user login outside of the domain (e.g.: USB stick modus) If this option is activated the Windows login password of the Active Directory user will also be saved as an internal Password Safe password. So the user can log on the database with his/her Active Directory password also if he/she is not linked with the domain.
Administrator and administrator group can be deleted in the permissions It is possible to completely delete the administrator and the administrator group from the permissions. Hereby also completely private passwords/records are possible. Consequently the administrator has no longer access. Please also notice that without an administrator in a permission no logbook entries will be written for that record.
Pass on changes of permissions to subordinated folders and records If this setting is deactivated the question of inheritance will no longer be displayed and changes of permissions will no longer be passed on to subordinated folders and records. The automatic inheritance to a new record is not concerned by this and is still carried out.
Users can choose between private and public records If this setting is active you will be asked for every new record if this record should be private or public. With the choice "private" only the current user will be lodged in the rights of the record. With the choice "public" the normal inheritance of rights from the superordinate folder takes effect. In both cases the rights can be adapted manually afterwards. A private record can therefore however be made accessible to other users later on.
Template for root folder Is required to define the folder rights in the root (highest level for folders). If no template is deposited here every user can start a folder in the root.
Template for records This template only applies if no inheritance of rights is carried out to the record. As an example we can name the bank because it is not allocated to any folder but exists overall. This is exactly when this template takes effect. If no template is deposited the administrator and the administrator group will be added in addition to the user that receives full access.
The configuration in the database settings is only available if the user has the right "... can manage users and groups". Generally it is suggestive to possibly only give this right to the administrator.
You can find further information in the chapter right templates. |